5 Reasons Why “Bring Your Own Device” Policies for Remote Work Programs are a Bad Idea
Mischa Dick
Reinventing Healthcare Operations - Pop Health & RAF | LOS | Capacity | Provider Sat | Cost of Care. Unlock Dormant Capability In Partnership With Employees. Managing Partner.
Work from home arrangements for revenue cycle roles are becoming more and more popular in recent years (Work from home programs have been described as a “win-win” strategy for providers). As organizations come together to plan out their remote work programs, a notable point of discussion is whether to supply hardware for employees or use a “Bring Your Own Device” (BYOD) approach in which employees supply their own hardware.
Recent conversations with leaders considering the move have left me scratching my head. The BYOD approach to sending folks home is a bad idea in the healthcare setting, and here is why:
#1 Device Security
Security in a remote work setting is critical, especially in healthcare.
When an employer supplies hardware for its employees, it has complete control over the device. The devices are standardized, encrypted and malware-free with updated operating systems and anti-virus software. The hardware is supplied with the expectation that it be used for work purposes only and employers can install robust remote management technology to alleviate typical security concerns with remote staff.
A BYOD program offers none of these baseline security measures and heavily relies on remote staff to supply their own IT knowledge. Furthermore, BYOD programs risk cross contamination issues, printer access, and inadequate password policies.
#2 Unsecured Wi-Fi Connections
The use of wireless networks is a major concern for remote employees. Cyber-criminals monitor and collect the information transmitted across unsecure networks every day and use it for whatever purpose they see fit. The use of a virtual private network (VPN) minimizes much of this risk, but devices are now being targeted in those crucial moments when a device connects to an unsecure network to access the VPN.
With remote management software installed on a device, employers can restrict Wi-Fi access to approved and secure networks in a process known as Wi-Fi blocking, to eliminate this exposure altogether. However, Wi-Fi blocking is significantly more challenging to implement in a BYOD system due to the setup variation and history of devices being used by remote workers.
#3 USB Security
When used for malicious purposes, USB devices can be used to steal sensitive information, track keystrokes or upload malware. Even if the USB drive was distributed by a trusted brand.
Using remote management tools, an employer can limit USB port use to approved devices, such as headsets and keyboards, while blocking all others.
In a BYOD system, employees are free to use their devices for personal use. This will likely include storing and transmitting personal data and files with these removable storage devices.
#4 Application Management
With employer-provided hardware, devices can be delivered to employees with all the applications needed for the role with built-in control over the downloading and updating of any additional apps.
While many think that any app downloaded from the Apple or Android store is safe, this has been proven not to be the case (most notably “Adware Doctor”).
In BYOD programs, employees feel free to download any app they choose on a personal device. Even if their intentions are to keep the device safe and secure for working condition they are still at risk of accidentally downloading malicious applications.
#5 Lost Device Vulnerability
The ability to remote wipe lost devices is now commonplace for business operations. When hardware is supplied by the employer and a device is reported lost or stolen, the device can easily be cleared of all sensitive information. Since provided hardware is the property of the employer, lost devices can be wiped at will.
Employee provided hardware that contains personal data (family pictures, music, contacts) complicate this matter and have even led to lawsuits.
Advocates for the BYOD work from home policy claim that it reduces cost, IT concerns, and that it is the easiest system for implementing remote teams.
However, in a highly regulated healthcare setting, the significant security risks associated with BYOD policies make providing hardware for employees the easy choice.
The reality is that revenue cycle leaders shouldn’t be losing any sleep over which remote work model they are going to adapt.
That is why we at HEI Health developed the Virtual Team Services Environment for sending teams home to work remotely. We’ve assembled a work from home kit that contains everything from secure hardware, remote monitoring applications, workflow applications, and collaboration tools to grow and sustain remote teams.
Strategic planning advisor to empower healthcare leaders and aspiring leaders as they pursue breakthroughs in performance.
5 年The downside of BYOD is certainly clear. The idea of an expertly thought out kit to facilitate employee-owned and managed device deployment is really great. I imagine this is designed to be scaleable for the current and future needs of the employer as well?